MultiLayer Switching (MLS) is Ethernet-based routing switch technology by Cisco that provides Layer 3 (L3) switching in conjunction with existing routers. This document covers only IP MLS. Internetwork Packet Exchange (IPX) MLS and Multicast MLS are beyond the scope of this document.
There are no specific requirements for this document.
The information in this document is based on these software and hardware versions:
Supervisor Engine 4.1(1) or later
Catalyst 5000 family switch with Supervisor Engine II G or III G, or Supervisor Engine III or III F with a NetFlow Feature Card (NFFC) or NFFC II
If running MLS over ATM media, Catalyst 5000 family ATM module software release 11.3(8)WA4(11) or later, or release 12.0(3c)W5(10) or later
MLS is supported on all Catalyst 6500 and 6000 switches with Supervisor Engine 1 or 1A using the MultiLayer Switch Feature Card (MSFC) or MSFC2. MLS is enabled by default internally between the Supervisor module and MSFC. No MLS configuration is required on the Supervisor Command Language Interpreter (CLI) or the routing module. The Catalyst 6500 and 6000 do not support external MLS (MLS-RP).
Note: The Catalyst 6500 and 6000 MSFC2 with PFC2 (Supervisor Engine 2) and Supervisor Engine 720 with MSFC3 perform L3 switching using Cisco Express Forwarding (CEF) and do not require MLS internally. They do not support external MLS (MLS-RP).
Route Switch Module (RSM), Route Switch Feature Card (RSFC), or external Cisco 7500, 7200, 4700, 4500, or 3600 series router
Cisco IOS® Software Release 11.3(2)WA4(4) or later on the RSM, or on Cisco 7500, 7200, 4700, and 4500 series routers
Cisco IOS Software Release 12.0(3c)W5(8a) or later on the RSFC
Cisco IOS Software Release 12.0(2) or later on Cisco 3600 series routers
Cisco IOS Software Release 12.0(3c)W5(8) or later on the MLS-RP, if running MLS over ATM media
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Traditional routers typically perform two main functions: route processing calculation and packet switching based on a routing table (Media Access Control [MAC] Address rewrite, redo checksum, Time To Live [TTL] decrement, and so forth). The major difference between a router and an L3 switch is that packet switching in a router is done in software by microprocessor-based engines, whereas packet switching in an L3 switch is done in hardware by specific Application Specific Integrated Circuits (ASICs).
MLS requires these components:
MultiLayer Switching Engine (MLS-SE)—Responsible for packet switching and rewrite functions in custom ASICs, and capable of identifying L3 flows.
MultiLayer Switching Route Processor (MLS-RP)—Informs the MLS-SE of MLS configuration, and runs Routing Protocols (RPs) for route calculation.
MultiLayer Switching Protocol (MLSP)—Multicast Protocol messages sent by the MLS-RP to inform the MLS-SE of the MAC address used by MLS-RP, routing and access list changes, and so forth. The MLS-SE uses that information to program the custom ASICs.
In this section, you are presented with the information to configure the features described in this document.
Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.
This document shows an IP MLS sample configuration using an RSM, as shown in this network diagram:
In the diagram above, PC-A (A) wants to communicate with PC-B (B). They are in different VLANs, so the traffic is routed via the RSM (the default gateway for the PCs). The first packet is sent by PC-A and is routed by the RSM towards PC-B. A shortcut (A » B) is created, and all subsequent packets will be L3 switched by the MLS-SE, using the Supervisor Engine running on the NFFC.
Note: The entry for a shortcut is unidirectional, so another entry will be created when PC-B communicates with PC-A.
The examples below show the PC communication, the MLS shortcut, and other MLS information.
PC-A# ping 126.96.36.199
!--- Pinging PC-B.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 188.8.131.52, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
This output is generated by issuing the indicated commands on the switch.
switch-MLS-SE (enable) show mls entry
Destination IP Source IP Prot DstPrt SrcPrt Destination Mac Vlan Port
--------------- --------------- ---- ------ ------ ----------------- ---- -----
184.108.40.206 220.127.116.11 ICMP - - 00-d0-58-43-9f-60 11 6/11
!--- As in the note above, there are two shortcuts A » B and B » A.
18.104.22.168 22.214.171.124 ICMP - - 00-00-0c-07-ac-01 12 6/12
switch-MLS-SE (enable) show mls
Multilayer switching enabled
!--- By default, MLS is enabled on the switch.
Multilayer switching aging time = 256 seconds
Multilayer switching fast aging time = 0 seconds, packet threshold = 0
Current flow mask is Destination flow
Configured flow mask is Destination flow
Total packets switched = 8
!--- Five echoes and five replies were sent; the first echo and reply went
!--- through the RSM, and subsequent echoes and replies were L3 switched,
!--- which gives us a total of eight L3 switched packets and two shortcuts.
Active shortcuts = 2
Netflow Data Export disabled
Total packets exported = 0
MLS-RP IP MLS-RP ID XTAG MLS-RP MAC-Vlans
---------------- ------------ ---- ------------------ --------------
126.96.36.199 00100b108800 2 00-10-0b-10-88-00 11-12
switch-MLS-SE (enable) show mls statistics rp
Total packets switched = 8
Active shortcuts = 2
Total packets exported= 0
MLS-RP IP MLS-RP ID packets bytes
--------------- ------------ ---------- ------------
188.8.131.52 00100b108800 8 944
RSM-MLS-RP# show mls rp
multilayer switching is globally enabled
mls id is 0010.0b10.8800
mls ip address 184.108.40.206
!--- IP address of MLS-RP.
mls flow mask is destination-ip
number of domains configured for mls 1
vlan domain name: sales
current flow mask: destination-ip
current sequence number: 3150688457
current/maximum retry count: 0/10
current domain state: no-change
current/next global purge: false/false
current/next purge count: 0/0
domain uptime: 1d00h
keepalive timer expires in 8 seconds
retry timer not running
change timer not running
1 management interface(s) currently defined:
vlan 11 on Vlan11
2 mac-vlan(s) configured for multi-layer switching:
!--- VLANs and interfaces participating in MLS.
router currently aware of following 1 switch(es):
switch id 0050.d133.2bff
!--- MAC address of the MLS-SE.
In this example, the RSM is used as the MLS-RP, with this software version:
IOS (tm) C5RSM Software (C5RSM-JSV-M), Version 11.3(9)WA4(12) RELEASE SOFTWARE
Copyright (c) 1986-1999 by Cisco Systems, Inc.
The software version on the switch is as follows:
WS-C5509 Software, Version McpSW: 4.5(2) NmpSW: 4.5(2)
Copyright (c) 1995-1999 by Cisco Systems, Inc.
On the switch, MLS is enabled by default. There is no need to specify the MLS-RP IP address if it is the RSM. Conversely, for an external router acting as the MLS-RP, you need to configure the switch with this IP address by issuing this command, where IPaddress is the IP address of the external MLS-RP:
set mls include IPaddress
Use this procedure to configure the router:
1. Enable MLS in global configuration mode by issuing the mls rp ip command.
   Router(config)# mls rp ip
2. Assign a Virtual Terminal Protocol (VTP) domain on one MLS interface.
   Router(config-if)# mls rp vtp-domain VTP_domain_name
   Note: You can determine the VTP domain name (VTP_domain_name in the example above) by issuing the show vtp domain command on the switch.
3. Enable MLS on the interface so that it can participate in the shortcut process.
   Router(config-if)# mls rp ip
4. Specify a router interface as a management interface, which allows the MLS-SE and MLS-RP to communicate using a multicast protocol (MLSP).
   Router(config-if)# mls rp management-interface
5. Repeat Steps 2 and 3 for all interfaces participating in MLS.
Note: Step 4 is needed only once on one interface for MLSP to allow communication (MLS-RP «» MLS-SE).
The MLS-RP current configuration is as follows:
MLS-RP (RSM)
mls rp ip
ip address 220.127.116.11 255.255.255.0
mls rp vtp-domain sales
mls rp management-interface
mls rp ip
ip address 18.104.22.168 255.255.255.0
mls rp vtp-domain sales
mls rp ip
line con 0
line aux 0
line vty 0 4
For MLS to work, the MLS-SE must see the packet go to the MLS-RP and come back out from the same MLS-RP to the same MLS-SE.
The MLS-SE never gets involved in any routing protocols or route calculation. All routing protocols are run by the MLS-RP; for example, Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Interior Gateway Routing Protocol (IGRP), Routing Information Protocol (RIP), and so forth.
The MLS-RP is not aware that the MLS-SE is forwarding some packets on its behalf.
If the MLS-SE cannot establish an L3 entry for any reason, it sends the packet to the MLS-RP for normal routing; it does not drop the packet.
Hot Standby Router Protocol (HSRP) and MLS can interoperate without any problems.
The mls cef and ip cef exact-route commands for the same destination address (DA) give different results. This is normal behavior. The ip cef command information is software-based: it is calculated from the routing table and MAC address table. The mls cef command information, however, is hardware forwarding information, which is based on software CEF and can be changed by a load balancing algorithm.
The mls ip cef load-sharing simple command gives a better load balance and avoids a new adjacency in the forwarding engine. Also, the mls ip cef load-sharing full command is a load balancing algorithm recommended for a single-stage CEF that includes a load balancing algorithm for L4 ports. In order to achieve the best CEF load balancing, alternate L3 and L4 hashing on access, distribution and core routers, and use this type of configuration:
The mls ip cef load-sharing full command can improve load balancing if there is a good mix of L4 ports in the network. With the SRB2 image, it can be used with all adjacencies: the ip2ip, ip2tag, tag2tag and tag2ip cases. With SRA, however, it works only with ip2ip and ip2tag adjacencies.
Once you have configured MLS, you will see entries in the MLS cache (shortcuts).
The MLS mechanism is relatively simple: PC-A sends the initial packet, and the router rewrites the Layer 2 (L2) address and completes the L3 fields.
The enabler packet is returned and now the shortcut is complete; subsequent packets for this flow will be L3 switched.
In summary, this is the process for all L3 switched packets:
The candidate packet is sent to the router.
The enabler packet is sent by the router.
Everything is configured to get the shortcut and start the L3 switching for this flow (A «» B).
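A toy model of the candidate/enabler sequence summarized above, and of the earlier requirement that a packet must go to and come back from the same MLS-RP. This is an added example, not code from the original document or from Cisco; the host addresses and the second router MAC are constructed, and the cache is simplified to the destination flow mask with no aging.

```python
# Added illustration, not Cisco code: a toy MLS-SE cache with the destination
# flow mask. Host IPs and MACs are constructed; RP_MAC is the sample MLS-RP MAC.
RP_MAC = "00-10-0b-10-88-00"
HOSTS = {"10.1.11.10": "00-00-5e-00-53-0a",   # PC-A (constructed)
         "10.1.12.10": "00-00-5e-00-53-0b"}   # PC-B (constructed)

class MlsSe:
    def __init__(self, rp_mac):
        self.rp_mac = rp_mac
        self.candidates = set()   # destination IPs seen heading to the MLS-RP
        self.shortcuts = {}       # destination IP -> rewritten destination MAC
        self.switched = 0         # packets L3 switched without the router

    def receive(self, src_mac, dst_mac, dst_ip):
        if dst_mac == self.rp_mac:
            if dst_ip in self.shortcuts:
                self.switched += 1            # shortcut hit
                return "switched"
            self.candidates.add(dst_ip)       # candidate packet, sent to the MLS-RP
            return "candidate"
        if src_mac == self.rp_mac and dst_ip in self.candidates:
            self.candidates.discard(dst_ip)
            self.shortcuts[dst_ip] = dst_mac  # enabler packet completes the shortcut
            return "enabler"
        return "bridged"                      # not from this MLS-RP: no shortcut

def ping(se, a, b, count=5, return_mac=None):
    """Send count echoes a->b and replies b->a; routed packets come back
    from return_mac (default: the MLS-RP the switch knows about)."""
    return_mac = return_mac or se.rp_mac
    for _ in range(count):
        for dst in (b, a):
            src = a if dst == b else b
            if se.receive(HOSTS[src], se.rp_mac, dst) == "candidate":
                se.receive(return_mac, HOSTS[dst], dst)   # router forwards it on
    return se.switched, len(se.shortcuts)

def demo():
    same_rp = ping(MlsSe(RP_MAC), "10.1.11.10", "10.1.12.10")
    # Constructed failure case: the routed packet returns from another router.
    other_rp = ping(MlsSe(RP_MAC), "10.1.11.10", "10.1.12.10",
                    return_mac="00-00-5e-00-53-ff")
    return same_rp, other_rp

if __name__ == "__main__":
    print(demo())
```

The first result reproduces the counters in the show mls output (eight switched packets, two shortcuts); the second shows that when the return path bypasses the MLS-RP, every packet keeps going to the router and no shortcut is installed.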
Input access lists are supported with IP MLS beginning with Cisco IOS Software Release 12.0(2). Before release 12.0(2), input access lists were not compatible with MLS.
Output access lists have always been supported.
Enabling IP accounting on an IP-MLS-enabled interface disables the IP accounting functions on that interface.
IP MLS is disabled on an interface when the data encryption feature is configured on the interface.